From f3ec923656e1888d33498a21ac123b7ecba5defd Mon Sep 17 00:00:00 2001
From: Pavel 'LEdoian' Turinsky
Date: Sun, 9 Jan 2022 18:11:13 +0100
Subject: [PATCH] Initial implementation of the munger. Not tested
---
munge.py | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100644 munge.py
diff --git a/munge.py b/munge.py
new file mode 100644
index 0000000..110cc26
--- /dev/null
+++ b/munge.py
@@ -0,0 +1,29 @@
+from Crypto.Cipher import AES
+from authorizedkeys.parser import parse_file, dump_file, AuthorizedKey
+import sys
+from base64 import b64decode, b64encode
+
+# TODO: argument parsing!
+
+# TODO: We currently do not care for authenticity, since we are only concerned
+# with the comment. We could sign the rest of the data in the comment and do
+# some AEAD, but we currently do not.
+key = open('secret', 'rb').read(16)
+iv = b"WTF I don't care"
+cipher = AES.new(key, AES.MODE_CBC, iv=iv)
+
+output = sys.stdout
+decrypt = True if sys.argv[1] == 'decrypt' else False
+encrypt = not decrypt
+input = open(sys.argv[2]) if len(sys.argv) >= 3 else sys.stdin
+
+# FIXME: file closing
+
+keys = parse_file(input)
+for k in keys:
+ if isinstance(k, AuthorizedKey):
+ if encrypt:
+ k.comment = b64encode(cipher.encrypt(k.comment.encode())).decode()
+ else: # And now this is just wow.
+ k.comment = cipher.decrypt(b64decode(k.comment)).decode()
+dump_file(keys, output)
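Review bot: `cipher.encrypt(k.comment.encode())` in the loop is handed unpadded data, and PyCryptodome's CBC mode raises ValueError unless the input length is a multiple of 16 bytes, so most comments will fail to encrypt. The single module-level `cipher` with a constant `iv` is also shared by every entry, so each comment's first block is chained to the previous entry's ciphertext: reordering or deleting a line in the file breaks decryption of the following comment, and the same input always yields the same ciphertext. I would create a fresh cipher per entry with a random IV stored in front of the ciphertext, and pad/unpad the data, using `pad`/`unpad` from `Crypto.Util.Padding` and `get_random_bytes` from `Crypto.Random` (both would need importing at the top of the file). The missing authentication noted in the TODO remains, and since padded CBC without a MAC lets anyone able to edit the file change what a comment decrypts to, an AEAD mode would be the better end state.

```python
# … unchanged: imports, key loading, argument handling, parse_file …
for k in keys:
    if not isinstance(k, AuthorizedKey):
        continue
    if encrypt:
        # Fresh random IV per comment; stored as the first block of the blob.
        iv = get_random_bytes(AES.block_size)
        cipher = AES.new(key, AES.MODE_CBC, iv=iv)
        padded = pad(k.comment.encode(), AES.block_size)
        k.comment = b64encode(iv + cipher.encrypt(padded)).decode()
    else:
        raw = b64decode(k.comment)
        iv, body = raw[:AES.block_size], raw[AES.block_size:]
        cipher = AES.new(key, AES.MODE_CBC, iv=iv)
        k.comment = unpad(cipher.decrypt(body), AES.block_size).decode()
# … unchanged: dump_file(keys, output) …
```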